author | Abhishek Arya <inferno@chromium.org> | 2019-08-07 07:37:16 -0700 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-08-07 07:37:16 -0700 |
commit | cf4af869728ac4fc3b136695241882333cf01055 (patch) | |
tree | 81abbd70fae7a3eb10e113a3992e539db8d5215a /docs/reference | |
parent | c070f7fc7dbaede2e103e5d2cd79d7a2b7eb6255 (diff) | |
download | oss-fuzz-cf4af869728ac4fc3b136695241882333cf01055.tar.gz |
Switch docs to new structure (#2663)
Diffstat (limited to 'docs/reference')
-rw-r--r-- | docs/reference/glossary.md | 96 | ||||
-rw-r--r-- | docs/reference/reference.md | 9 | ||||
-rw-r--r-- | docs/reference/useful_links.md | 44 |
3 files changed, 149 insertions, 0 deletions
diff --git a/docs/reference/glossary.md b/docs/reference/glossary.md new file mode 100644 index 000000000..d5bf18bc6 --- /dev/null +++ b/docs/reference/glossary.md 
@@ -0,0 +1,96 @@ +--- +layout: default +title: Glossary +nav_order: 1 +permalink: /reference/glossary/ +parent: Reference +--- + +# Glossary + +For general fuzzing terms, see the [glossary] from [google/fuzzing] project, + +[glossary]: https://github.com/google/fuzzing/blob/master/docs/glossary.md +[google/fuzzing]: https://github.com/google/fuzzing + +- TOC +{:toc} +--- + +## OSS-Fuzz specific terms + +### ClusterFuzz + +A scalable fuzzing infrastructure that is used for OSS-Fuzz backend. +[ClusterFuzz] is also used to fuzz Chrome and many other projects. A quick +overview of ClusterFuzz user interface is available on this [page]. + +[page]: {{ site.baseurl }}/furthur-reading/clusterfuzz +[ClusterFuzz]: https://github.com/google/clusterfuzz + +### Fuzz Target + +In addition to its general definition, in OSS-Fuzz a fuzz target can be used to +[reproduce bug reports]({{ site.baseurl }}/advanced-topics/reproducing/). It is recommended to use it for +regression testing as well (see [ideal integration]({{ site.baseurl }}/advanced-topics/ideal-integration/)). + +### Job type + +Or **Fuzzer Build**. + +This refers to a build that contains all the [fuzz targets] for a given +[project](#project), is run with a specific [fuzzing engine], in a specific +build mode (e.g. with enabled/disabled assertions), and optionally combined +with a [sanitizer]. + +For example, we have a "libfuzzer_asan_sqlite" job type, indicating a build of +all sqlite3 [fuzz targets] using [libFuzzer](http://libfuzzer.info) and +[ASan](http://clang.llvm.org/docs/AddressSanitizer.html). + +### Project + +A project is an open source software project that is integrated with OSS-Fuzz. +Each project has a single set of configuration files +(example: [expat](https://github.com/google/oss-fuzz/tree/master/projects/expat)) +and may have one or more [fuzz targets] +(example: [openssl](https://github.com/openssl/openssl/blob/master/fuzz/)). + +### Reproducer + +Or a **testcase**. 
+ +A [test input] that causes a specific bug to reproduce. + +[fuzz targets]: https://github.com/google/fuzzing/blob/master/docs/glossary.md#fuzz-target +[fuzzing engine]: https://github.com/google/fuzzing/blob/master/docs/glossary.md#fuzzing-engine +[sanitizer]: https://github.com/google/fuzzing/blob/master/docs/glossary.md#sanitizer +[test input]: https://github.com/google/fuzzing/blob/master/docs/glossary.md#test-input + +### Sanitizers + +Fuzzers are usually built with one or more [sanitizer](https://github.com/google/sanitizers) enabled. +You can select sanitizer configuration by specifying `$SANITIZER` build environment variable using `-e` option: + +```bash +python infra/helper.py build_fuzzers --sanitizer undefined json +``` + +Supported sanitizers: + +| `$SANITIZER` | Description +| ------------ | ---------- +| `address` *(default)* | [Address Sanitizer](https://github.com/google/sanitizers/wiki/AddressSanitizer) with [Leak Sanitizer](https://github.com/google/sanitizers/wiki/AddressSanitizerLeakSanitizer). +| `undefined` | [Undefined Behavior Sanitizer](http://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html). +| `memory` | [Memory Sanitizer](https://github.com/google/sanitizers/wiki/MemorySanitizer).<br/>*NOTE: It is critical that you build __all__ the code in your program (including libraries it uses) with Memory Sanitizer. Otherwise, you will see false positive crashes due to an inability to see initializations in uninstrumented code.* +| `profile` | Used for generating code coverage reports. See [Code Coverage doc]({{ site.baseurl }}/advanced-topics/code-coverage/). + +Compiler flag values for predefined configurations are specified in the [Dockerfile](https://github.com/google/oss-fuzz/blob/master/infra/base-images/base-builder/Dockerfile). +These flags can be overridden by specifying `$SANITIZER_FLAGS` directly. + +You can choose which configurations to automatically run your fuzzers with in `project.yaml` file (e.g. 
[sqlite3](https://github.com/google/oss-fuzz/tree/master/projects/sqlite3/project.yaml)): + +```yaml +sanitizers: + - address + - undefined +```
\ No newline at end of file diff --git a/docs/reference/reference.md b/docs/reference/reference.md new file mode 100644 index 000000000..0d41025cb --- /dev/null +++ b/docs/reference/reference.md @@ -0,0 +1,9 @@ +--- +layout: default +title: Reference +has_children: true +nav_order: 6 +permalink: /reference/ +--- + +# Reference diff --git a/docs/reference/useful_links.md b/docs/reference/useful_links.md new file mode 100644 index 000000000..50e57cf77 --- /dev/null +++ b/docs/reference/useful_links.md 
@@ -0,0 +1,44 @@ +--- +layout: default +title: Useful links +nav_order: 2 +permalink: /reference/useful-links +parent: Reference +--- + +# Useful links + +- TOC +{:toc} +--- + +## Web Interface + +* The main page: [oss-fuzz.com](https://oss-fuzz.com) + +## Build Status + +* [This page](https://oss-fuzz-build-logs.storage.googleapis.com/index.html) + gives the latest build logs for each project. + +* (Internal only) [Builds dashboard](https://builder.oss-fuzz.com). + +## Blog posts + +* 2016-12-01 ([1](https://opensource.googleblog.com/2016/12/announcing-oss-fuzz-continuous-fuzzing.html), +[2](https://testing.googleblog.com/2016/12/announcing-oss-fuzz-continuous-fuzzing.html), +[3](https://security.googleblog.com/2016/12/announcing-oss-fuzz-continuous-fuzzing.html)) +* 2017-05-08 ([1](https://opensource.googleblog.com/2017/05/oss-fuzz-five-months-later-and.html), +[2](https://testing.googleblog.com/2017/05/oss-fuzz-five-months-later-and.html), +[3](https://security.googleblog.com/2017/05/oss-fuzz-five-months-later-and.html)) +* 2018-11-06 ([1](https://security.googleblog.com/2018/11/a-new-chapter-for-oss-fuzz.html)) + +## Tutorials + +* [libFuzzer documentation](http://libfuzzer.info) +* [libFuzzer tutorial](http://tutorial.libfuzzer.info) +* [libFuzzer workshop](https://github.com/Dor1s/libfuzzer-workshop) +* [Structure-Aware Fuzzing with libFuzzer](https://github.com/google/fuzzer-test-suite/blob/master/tutorial/structure-aware-fuzzing.md) +* [Chromium Fuzzing Page](https://chromium.googlesource.com/chromium/src/testing/libfuzzer/) +* [Chromium Efficient Fuzzing Guide](https://chromium.googlesource.com/chromium/src/testing/libfuzzer/+/HEAD/efficient_fuzzing.md) +* [ClusterFuzz documentation](https://google.github.io/clusterfuzz/) |
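Review bot: in the glossary.md hunk the link definition `[page]: {{ site.baseurl }}/furthur-reading/clusterfuzz` misspells the path segment ("furthur"), so the "A quick overview of ClusterFuzz user interface is available on this [page]" link in the ClusterFuzz entry will point at a non-existent URL unless a page really lives under `/furthur-reading/`; the intended path is presumably `{{ site.baseurl }}/further-reading/clusterfuzz`. Two smaller items in the same file: the intro sentence "For general fuzzing terms, see the [glossary] from [google/fuzzing] project," ends in a comma where a period belongs, and the file is committed without a trailing newline (`\ No newline at end of file`), which will show up as noise in the next diff that touches it. The sanitizers table also lists `profile` alongside `address`, `undefined` and `memory`; since it is a coverage instrumentation mode rather than a sanitizer, the intro to the table ("Supported sanitizers:") could say that `$SANITIZER` selects a build configuration, of which `profile` is the coverage one.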
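Review bot: the useful_links.md front matter sets `permalink: /reference/useful-links` without a trailing slash, whereas the two sibling pages added in this change use `/reference/glossary/` and `/reference/`; with Jekyll an extensionless permalink without a trailing slash is written out as `useful-links.html` instead of `useful-links/index.html`, so the page's canonical URL form will differ from the rest of the section. Suggest `permalink: /reference/useful-links/` for consistency. In the Tutorials list, `http://libfuzzer.info` and `http://tutorial.libfuzzer.info` are plain `http://` links; prefer `https://` where the host supports it, as the other entries in that list already do.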